package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.RequestMatcher;

import javax.servlet.http.HttpServletRequest;

/**
 * @author yeqiang
 * @since 11/18/20 2:32 PM
 */
@Configuration
@EnableWebSecurity
// @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    public UserDetailsService users() {
        UserDetails user = User.builder().username("user")
                .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW").roles("USER").build();
        return new InMemoryUserDetailsManager(user);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(
                a -> a.antMatchers("/private/**").authenticated()
                        .anyRequest().permitAll())
                .exceptionHandling(e -> e.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
                .oauth2Login().and().logout(l -> l.logoutSuccessUrl("/").permitAll())
                .csrf().disable() //暂时关闭csrf，忘记怎么配置了
//                // csrf token 放入cookie
//                .csrf(c -> c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
//                .csrf(c -> c.requireCsrfProtectionMatcher(new RequestMatcher() {
//                    @Override
//                    public boolean matches(HttpServletRequest request) {
//                        String path = request.getServletPath();
//                        // 开启csrf后，需要对静态资源作排除，防止静态资源报错403，针对前后分离部署的，不需要
//                        if(path.startsWith("/druid") || path.startsWith("/oauth2/") || path.endsWith(".html") || path.endsWith(".css") || path.endsWith(".js")){
//                            return false;
//                        }
//                        return true;
//                    }
//                }))
        ;
    }
}
